On Thu, Jul 13, 2017 at 08:22:02PM +0200, Phil Sutter wrote:
> Just a quick status update: It's a mess. ;)

OK, let's address problems one by one.

> There are so many different cases, I actually started drawing flow
> diagrams (can't remember when I did that last time). In addition to what
> we discussed already, I realized that via 'nft -f', I can make multiple
> changes to even different sets within a single transaction - this
> requires dealing with cached half-open ranges everywhere, not just in
> NEWGEN callback.

Half-open ranges always start by a NFT_SET_ELEM_INTERVAL_END flag set
on, e.g.

    # nft --debug=netlink add element x y { 5-65535 }
    element 00000000 : 1 [end] element 00000500 : 0 [end]

> Another trap is 'nft flush set': The elements are reported in
> reverse order.

Could you have a look at the function to order elements using the
mergesort function? It's currently only called for non-intervals by now,
so it would be good to converge to use it in all cases.

Anything else?
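Added example, not part of the message above and not nftables code: a sketch of turning a list of interval elements into ranges when they may arrive in reverse order and the last range may have no closing end element, as in the 5-65535 case. The names `struct elem`, `struct range` and `decode_intervals` are hypothetical, keys are assumed to be already in host byte order, and the standard `qsort` stands in for the mergesort mentioned in the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ELEM_INTERVAL_END 0x1   /* same value as NFT_SET_ELEM_INTERVAL_END */

struct elem  { uint32_t key, flags; };  /* hypothetical; key in host byte order */
struct range { uint32_t from, to; };    /* hypothetical; inclusive on both ends */

static int cmp_elem(const void *a, const void *b)
{
    const struct elem *x = a, *y = b;

    if (x->key != y->key)
        return x->key < y->key ? -1 : 1;
    /* equal keys: the end marker sorts first, so it closes before a new start */
    return (int)(y->flags & ELEM_INTERVAL_END) - (int)(x->flags & ELEM_INTERVAL_END);
}

/* Sorts elems in place; out needs room for n ranges. Returns the range count. */
size_t decode_intervals(struct elem *elems, size_t n, uint32_t max_key,
                        struct range *out)
{
    size_t i, cnt = 0;
    uint32_t start = 0;
    int open = 0;

    qsort(elems, n, sizeof(*elems), cmp_elem);
    for (i = 0; i < n; i++) {
        if (open && elems[i].key > start) {   /* next element closes the range */
            out[cnt++] = (struct range){ start, elems[i].key - 1 };
            open = 0;
        }
        if (!(elems[i].flags & ELEM_INTERVAL_END)) {
            start = elems[i].key;             /* a non-end element opens a range */
            open = 1;
        }
    }
    if (open)   /* assumption: no end element means the range runs to max_key */
        out[cnt++] = (struct range){ start, max_key };
    return cnt;
}

int main(void)
{
    /* constructed sample: the 5-65535 element pair, delivered in reverse order */
    struct elem e[] = { { 5, 0 }, { 0, ELEM_INTERVAL_END } };
    struct range r[2];
    size_t n = decode_intervals(e, 2, 65535, r);

    printf("%zu range(s): %u-%u\n", n, (unsigned)r[0].from, (unsigned)r[0].to);
    return 0;
}
```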